1.生成密钥对
ssh-keygen -t rsa
#-t 指定生成密钥的类型 -f指定生成密钥的路径 -b指定密钥长度
··Generating public/private rsa key pair.Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): #给私钥设置密码
Enter same passphrase again: (再次输入)
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:dIVXlegdITFG12vn3mP109/mmkDWRpZopA8VG9vaTVA root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
| .BO==E|
| .=oB+=.|
| . +.* * +|
| . . + B *.|
| S = =.o|
| o . o|
| . .=|
| . =B|
| ++B|
+----[SHA256]-----+
2.在/root/.ssh下创建authorized_keys文件,将公钥追加到文件中,创建authorized_keys
cd /root/.ssh
touch authorized_keys
cat id_rsa.pub >> authorized_keys #将公钥追加到文件中
3.下载私钥文件
前提检查是否有上传文件的工具如果没有先下载工具
yum -y install lrzsz
然后下载私钥文件
sz id_rsa
4.修改权限#将他的权限设置为600或者更加严格 要不然登录的时候提示 server refuse you key(服务器拒绝你的密钥)
chmod 700 /root/.ssh
chomd /root/.ssh/authorized_keys
5.修改.ssh配置文件
vim /etc/ssh/sshd_config
PubkeyAuthentication yes(打开密钥登录)
PasswordAuthentication no(关闭密码验证登录)
PermitRootLogin yes(允许root远程登录)
6.重启ssh
systemctl restart sshd